WordPress sites vulnerable to WooCommerce plugin flaw | Cyber Security
Cyber Security

WordPress sites vulnerable to WooCommerce plugin flaw | Cyber Security

Related Posts

How AI, Machine Learning, and Endpoint Security Overlap

11 Useful Security Tips for Securing Your AWS Environment

 

Researchers have published details of a dangerous in the way the hugely popular WooCommerce interacts with WordPress that could allow an attacker with access to a single account to take over an entire site.

WooCommerce’s four million plus users were first alerted to the issue a few weeks back in the release notes for the updated version:

Versions 3.4.5 and earlier are affected by a handful of issues that allow Shop Managers to exceed their capabilities and perform malicious actions.

This week, PHP security company RIPS Technologies published the research that led to this warning which gives WooCommerce and WordPress admins more of the gory detail.

There are two parts to the vulnerability, the first of which the researchers describe as a “design flaw in the privilege system of WordPress.”

The second, in WooCommerce itself, is an apparently simple file deletion vulnerability affecting versions 3.4.5 and earlier.

Which of the two is the bigger issue will depend on whether you worry more about a site’s e-commerce function or happen to be its admin – either way, the combination spells trouble.

You might also like

Google Launches Cybersecurity Career Certificate Program

ChatGPT Emerges as Key AI Tech for Security Vendors

Hackers Use HTML Smuggling To Distribute Malware by E-mail

5 safety tips to follow while making digital payment transactions

Leave A Reply

Your email address will not be published.